ttern - Free Web Hosting with PHP, MySQL and cPanel

More documents

Recommendations

Info

24 Ok, lets get started. You are going to make your own Kon Boot USB flash drive to use on your own test system. The first thing you will need to do is license a copy of Kon Boot. You can do this by accessing www.kryptoslogic.com and navigate to the buy Kon Boot link. Input all necessary licensing information and begin downloading the software. It is important to note that websites other than Kryptos Logic have Kon Boot version 1.0. Downloading this from a third party website may be risky because you never know if someone has injected their own malicious code on top of Kon Boot. As another note, version 1.0 does not support 64 bit operating systems. Spend the money and license a legal copy of this software. Next take a flash drive that does not have any data saved to it and plug the flash drive into your computer. I personally used a very simple SanDisk brand flash drive to accomplish this task. If you use advanced flash drives like Ironkey or other brands that require authentication they will not work properly on boot. You will not be able to access the information contained in them because they require input that you will not be able to provide until your operating system has already loaded. Open the file folder that you downloaded form Kyptros Logic and click on KONUSB, now navigate to KonBootInstall.exe and select it. This will open a command line interface with destination options to write the program. Choose the correct destination for your flash drive and select the corresponding letter drive. Press enter and the program will copy itself to your flash drive and make itself bootable. Now you have successfully burned the Kon Boot program onto your flash media, you can now close your programs and power off your computer. Now you will need to gain access to the BIOS. Power on your computer. When you see the computer manufactures logo press the corresponding function key to access the settings of the BIOS. In the Dell laptop I was using the key was F2. At this point it is important to note if you see a DEFENSE PATTERN password screen similar to that of Figure 2, and you do not know the password, you will not be able to access the BIOS and make any changes. There are ways to remove BIOS passwords but this can be time consuming and cumbersome depending on your computer manufacturer, model, and ease of access to the internal components. If you have not previously set a password this prompt will not appear and will just go the first page of the BIOS. If you can access the BIOS you need to navigate to the boot order options. Now you need to reorder the boot devices to make your media with Kon Boot boot before the hard drive. For this demonstration that would be your USB or removable media drive but, you can also use a Compact Disc or for legacy systems a floppy drive. After you have reordered the boot devices save and exit the BIOS configuration page. Your computer will restart at this point. If you have completed these steps correctly and your system board and chipset are compatible with Kon Boot this should be all you need to modify in order to use the software. Now, with your computer powered off plug your USB flash media with the payload software, Kon Boot, into one of your USB ports. Next power on your computer. Your computer should try to boot the removable media device instead of your hard drive. If your computer successfully boots off your removable media device and loads Kon Boot, you will see a screen with this text on it. Once this screen appears you have successively hooked the kernel. Now all you have to do is wait for the supported Operating system to load and choose an user account to log in with. If the user account is normally password protected, Windows will prompt you for a password. This is normal. You may type any password, gibberish, or just leave the password field blank. Remember Kon Boot allows you to bypass the need for an actual password. Lastly press enter and you should be in the compromised users account, their desktop should appear, and you may access to their Figure 2. A password Protected BIOS screen Figure 3. Reordered bootable devices in the BIOS 03/2011
Password, What Password? files. For those who have been actively following along, you did it. You have just created a very powerful USB tool. Use it ethically. Now that I have sufficiently worried some of you, I am here to tell you there are very easy ways to prevent this attack on your computer. First you will need to gain access to your BIOS using the same steps mentioned above. Next navigate over to the Boot Order options. Next depending on your BIOS use the corresponding key to reorder the boot menu. Have your primary hard drive boot first and disable the other boot devices, or if your BIOS will not let you disable the devices, at least have the other media boot after the primary hard disk drive. Next navigate to the security tab or comparable tab. Now highlight Set Supervisor Password and press enter. A menu should appear like this one. See Figure 5. Create an unique password, hopefully not 1234, and press enter. Lastly you need to exit your BIOS. You will have several options or prompts when you try to exit. You want to select the option that says Exit and Save Changes or a similar choice. If you just exit or say discard changes all of the settings you just inputted will be ignored. Your computer will reboot after you exit the BIOS and will begin booting your operating system. That’s it. This will protect you from simple, time limited, and obvious hardware modification Kon Boot attacks, but will not protect your data if they can reset your BIOS password or extract the hard drive from your computer and use it as an external drive to steal your data off it, much like a criminal would if they just steal your entire computer. The good news is that there are more advanced ways of protecting your computer that are relatively easy. One of the ways to really lock unwanted users out of your computer, especially laptops, is with pre-boot authentication software. This software will completely lock out unauthorized users and render Kon Boot useless against the target system. Your system is protected even if you do not have a BIOS password, even though it is good practice to set one when you buy a laptop. The preboot authentication software also encrypts your entire hard drive, foiling a would be hacker from obtaining any data off the drive with a hard drive encasement kit. Some users might feel that this is overkill but if you are protecting sensitive data like your finances you want to minimize as many data breach opportunities as possible. On most educational, enterprise, and government networks this attack will not work. On government networks the workstations are heavily locked down with enterprise security software. The workstations are also, depending on base and policy, physically locked. The computer cases have been locked controlling access to the physical drives and hardware inside. Enterprise networks are very secure with heavy auditing abilities. Some enterprise networks have fewer restrictions than a government network, but auditing access keeps snooping eyes at bay. On educational networks security can be heavy because of the sensitive information that must be secured. Usually I have seen deep freeze on most lab computers as well as BIOS Passwords. Preboot Authentication is not practical on these types of computers due to the large number of users. If the institution uses a BIOS Password this will lock out the students from being able to use software like Kon Boot. Security cameras, aware staff, and fellow students will notice a student taking a computer out of its enclosure and opening the system during class in order to reset the BIOS. This human level of security is not perfect but will usually stop a student when the threat of expulsion is very real. Now what happens if for some unforeseen reason a user is able to use Kon Boot on a network computer that caches the usernames locally? Unfortunately if there are not security barriers in place to prevent this attack the user, will be able to log in as a user that has Figure 4. Kon Boot successfully hooking the kernel on boot Figure 5. Creation of a BIOS Password www.hakin9.org/en 25
Page 4: Editor in Chief: Grzegorz Tabaka gr
Page 7 and 8: CONTENTS REVERSE ENGINEERING 28 A Q
Page 9 and 10: Malware Analysis for Widows Systems
Page 11 and 12: Malware Analysis for Widows Systems
Page 13 and 14: WHAT IS A GOOD FUZZING TOOL? Fuzz t
Page 15 and 16: Direct Object Reference or, How a T
Page 17 and 18: Direct Object Reference or, How a T
Page 19 and 20: and associates with that specific f
Page 21 and 22: The Logic Behind Application Logic
Page 23: Password, What Password? Computers
Page 28 and 29: 28 REVERSE ENGINEERING A Quick „H
Page 30 and 31: 30 Listing 4. Getting the AddressOf
Page 32 and 33: 32 is stored in the PE headers). Us
Page 34: 34 Table 1. Checking if the �les
Page 37 and 38: Interview with Jan van Bon Exploiti

ttern - Free Web Hosting with PHP, MySQL and cPanel

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?